web pen testing on Prod and UAT
UAT on new application before launch to production. Fix the gaps before launch.
Production will be an annual one in accordance with TRM, as the company is under MAS regulations. Usually done during weekends or maintenance windows.
Typically, a UAT environment should mirror the Prod so that all the controls are the same. And after testing or any scanning done at UAT, ensure the UAT environment is safe before pushing the same patch to Prod. But if you are going to do a web pen test on Prod, I would suggest doing black box testing and, before that, just do a backup of everything.
- o_mandyplayhard
- Topic Author
thank u all for the advice.
u r welcome but seriously, just backup first. u wouldn't want ur management folks to scream if there's any data lost during the web PT
- o_mandyplayhard
- Topic Author
ask u guys, do u perform web PT on both Prod and UAT or either one? I know prod may seem tricky as it's live data but if we dun do on Prod then we won't know if it's susceptible to vulnerabilities. opinions?
- o_twentysomething
@mandyplayhard I think better scan UAT, last time I scanned prod and messed up some prod data and got scolded by boss. ur prod and uat should have same controls then at least make sense.